STOP 7 Kernel Cryptographic Module FIPS 140-2 Security Policy BAE Systems 2525 Network Place Herndon, VA 20171 USA July 18, 2011 Revision Version 1.02 This non-proprietary security policy may be redistributed intact, free of modification. Page 1 of 10 Contents  1.  Introduction ................................................................................................................. 3  1.1.  Purpose ................................................................................................................ 3  1.2.  Glossary .............................................................................................................. 4  2.  Roles, Services, and Authentication ........................................................................... 5  2.1.  Roles ................................................................................................................... 5  2.1.1.  User Role .................................................................................................... 5  2.1.2.  Crypto-officer Role ..................................................................................... 5  3.  Secure Operation and Security Rules ......................................................................... 6  3.1.  Security Rules ..................................................................................................... 6  3.1.1.  FIPS 140-2 Security Rules .......................................................................... 6  3.2.  Cryptographic Algorithms .................................................................................. 6  3.2.1.  Self-Tests .................................................................................................... 7  4.  Cryptographic Key Management ................................................................................ 8  4.1.  Cryptographic Keys and CSPs ............................................................................ 8  4.2.  Access Control Policy ......................................................................................... 8  5.  Mitigation of Other Attacks ...................................................................................... 10  List of Tables  Table 1 - Cryptographic Module Validation Levels ........................................................... 4  Table 2 - Acronyms/Definitions ......................................................................................... 4  Table 3 - FIPS Approved Algorithms ................................................................................. 6  Table 4 - Non-approved Algorithms ................................................................................... 6  Table 5 - List of Keys/CSPs................................................................................................ 8  Table 6 - Key/CSP Access Control Policy ......................................................................... 9  This non-proprietary security policy may be redistributed intact, free of modification. Page 2 of 10 1. Introduction The following describes the security policy for the BAE Systems STOP 7 Kernel Cryptographic Module (Version 1.1). The STOP 7 Kernel Cryptographic Module provides FIPS-validated cryptographic operations including encrypting/decryption, MAC, hashing and random number capabilities to the STOP 7 Operating System Kernel via the module API. The STOP 7 Kernel Cryptographic Module is a software module linked into the STOP 7 kernel (see Figure 1). The module provides the cryptographic functionality required by the kernel to perform data protection functionality of the STOP 7 operating system’s encrypted file system. It also provides the secure random number generation functionality that is provided to the operating system users (via the /dev/urandom device). Since the module is a software module designed to run on a general purpose computer system, the FIPS 140-2 embodiment is a multi-chip standalone device. The module is defined by the physical boundary of the general purpose computer system and is logically defined by bounds of the library linked into the kernel. This module is always distributed contained entirely within the monolithic kernel of the operating system. The validation testing was performed on the BAE Systems STOP 7.3 Beta 1 operating system. STOP 7 Kernel STOP 7 Kernel Crypto Module Encrypted (libcrypto.a) filesystem User Application /dev/urandom Figure 1 - Cryptographic Module Diagram (boundary in blue) 1.1. Purpose This document covers the secure operation of the STOP 7 Kernel Cryptographic Module including the initialization, roles, and responsibilities of operating the product in a secure, FIPS-compliant manner. This non-proprietary security policy may be redistributed intact, free of modification. Page 3 of 10 The module is being validated to FIPS 140-2 at an Overall Level 1. The table below details levels met by the module for each section of the FIPS 140-2 standard. Table 1 - Cryptographic Module Validation Levels FIPS 140-2 Section Level Cryptographic Module Specification 1 Cryptographic Module Ports and Interfaces 1 Roles, Services and Authentication 1 Finite State Model 1 Physical Security N/A Operational Environment 1 Cryptographic Key Management 1 Electromagnetic Interface/Electromagentic Compatibility (EMI/EMC) 1 Self-Tests 1 Design Assurance 1 Mitigation of Other Attacks N/A 1.2. Glossary Table 2 - Acronyms/Definitions Term/Acronym Description AES Advanced Encryption Standard API Application Programming Interface CBC Cipher Block Chaining DES Data Encryption Standard DRBG Deterministic Random Bit Generator ECB Electronic Code Book FIPS Federal Information Processing Standard HMAC Hash-based Message Authentication Code RNG Random Number Generator SHA Secure Hash Algorithm STOP Secure Trusted Operating Platform This non-proprietary security policy may be redistributed intact, free of modification. Page 4 of 10 2. Roles and Services The STOP 7 Kernel Cryptographic Module provides two different roles and a set of services particular to each of the roles. The module does not support operator authentication, since it is a Level 1 validation, meaning that operators implicitly assume either the crypto-officer or user role based on the service being performed. 2.1. Roles The roles of the module include a Crypto-officer and User Role. Each of these roles are implicitly assumed based on the service being performed by the operator. 2.1.1. User Role The User Role has access to use the STOP 7 Kernel Cryptographic Module to perform the cryptographic operations available via the module API. While operating as a User, one can perform any of the following services: • Encryption/Decryption • HMAC • Show Status • Generate Random Value 2.1.2. Crypto-officer Role The Crypto-officer Role has access to perform the administrative tasks of the STOP 7 Kernel Cryptographic Module. The Crypto-officer must perform the installation of the STOP 7 Kernel Cryptographic Module, which is done by installing the monolithic STOP 7 kernel. Initialization is automatically performed by the monolithic STOP 7 kernel when the system is booted. The Crypto-Officer does not perform any of the cryptographic operations through the module API. While operating as the Crypto-officer, one can perform any of the following services: • Install/Uninstall Module • Perform self-tests This non-proprietary security policy may be redistributed intact, free of modification. Page 5 of 10 3. Secure Operation and Security Rules In order to operate the STOP 7 Kernel Cryptographic Module securely, the operator should be aware of the security rules enforced by this security policy and should adhere to those rules in order to maintain operation in the FIPS approved mode. 3.1. Security Rules The security rules enforced by this security policy define the behavior that must be followed by the operator of the STOP 7 Kernel Cryptographic Module in order to maintain the FIPS approved mode of operation. 3.1.1. FIPS 140-2 Security Rules The following are security rules that stem from the requirements of FIPS PUB 140-2. The operator must observe these security rules to maintain the FIPS approved mode of operation. 1. The module must be used as part of the STOP 7.3 Beta 1 operating system running on an x86-compatible general purpose computer. 2. The operator of the module shall only use the FIPS approved algorithms as noted in Section 3.2. 3.2. Cryptographic Algorithms The STOP 7 Kernel Cryptographic Module provides many different cryptographic algorithms. Specifically, the module provides the following FIPS approved algorithms: Table 3 - FIPS Approved Algorithms Algorithm Type Details Certificate AES 128-, 192- and 256-bit, ECB and CBC #1603 DRBG SP800-90 AES_CTR DRBG #78 HMAC SHA-256 #939 SHS SHA-1, SHA-256, SHA-384, and SHA-512 #1416 Triple-DES 112- and 168-bit, ECB #1048 In addition, the module includes the following non-FIPS approved algorithms: Table 4 - Non-approved Algorithms Algorithm Type Details DES 56-bit, ECB When the module is being used in a FIPS approved mode of operation, the operator shall only make use of the FIPS approved algorithms identified above. This non-proprietary security policy may be redistributed intact, free of modification. Page 6 of 10 3.2.1. Self-Tests The STOP 7 Kernel Cryptographic Module implements the following self-tests, as required for FIPS 140-2: • AES Known Answer Test • DRBG Known Answer Test • HMAC Known Answer Test • SHS Known Answer Test • Triple-DES Known Answer Test • Software Integrity Test (HMAC) • Conditional: Continuous Random Number Generation Test (SP800-90 DRBG) This non-proprietary security policy may be redistributed intact, free of modification. Page 7 of 10 4. Cryptographic Key Management This section specifies the STOP 7 Kernel Cryptographic Module’s key management, including the definition of cryptographic keys and critical security parameters. 4.1. Cryptographic Keys and CSPs The STOP 7 Kernel Cryptographic Module supports the following cryptographic keys and critical security parameters: Table 5 - List of Keys/CSPs Key/CSP Description Data Protection Keys The AES and Triple-DES values used to perform encryption and decryption of data and are provided through the module’s API. These values are stored in plaintext in the RAM of the general purpose computer system. Integrity Key The HMAC key values used to perform integrity calculation of data and are provided through the module’s API. These values are stored in plaintext in the RAM of the general purpose computer system. DRBG Key The DRBG key value is one of the secret internal values of the SP800-90 DRBG and is generated as defined by SP800-90, which is initially seeded by the conditioned entropy source. DRBG V The DRBG V value is one of the secret internal values of the SP800-90 DRBG and is generated as defined by SP800-90, which is initially seeded by the conditioned entropy source. 4.2. Access Control Policy The STOP 7 Kernel Cryptographic Module allows controlled access to the cryptographic keys and CSPs contained within it. The following table defines the access that an operator or application has to each key or CSP when performing a specified service for a given role. The permissions are categorized as a set of four permissions: read (r), write (w), execute (x), delete (z). If no permission is listed, then an operator outside the module has no access to the key or CSP. This non-proprietary security policy may be redistributed intact, free of modification. Page 8 of 10 Table 6 - Key/CSP Access Control Policy Data Protection Keys and CSPs Integrity Keys DRBG Key Key/CSP Access Policy DRBG V Keys Role/Service Crypto-Officer Install/uninstall Module Perform Self-Tests User Encryption/Decryption wx HMAC wx Show Status Generate Random Value wx wx This non-proprietary security policy may be redistributed intact, free of modification. Page 9 of 10 5. Mitigation of Other Attacks The STOP 7 Kernel Cryptographic Module does not provide any methods of mitigation of other attacks. This non-proprietary security policy may be redistributed intact, free of modification. Page 10 of 10